Skip to main content

Motors Car Dealer Classifieds Listing

9 CVEs product

Monthly

CVE-2025-3437 MEDIUM PATCH This Month

The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress PHP Authentication Bypass Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2808 MEDIUM PATCH This Month

The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Motors Car Dealer Classifieds Listing PHP
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2807 HIGH PATCH This Week

The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

RCE WordPress Authentication Bypass Motors Car Dealer Classifieds Listing PHP
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-13737 MEDIUM PATCH This Month

The Motors - Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-10970 MEDIUM This Month

The The Motors - Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection WordPress Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5545 MEDIUM PATCH This Month

The Motors - Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-46207 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors - Car Dealer, Classifieds & Listing.4.6. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2023-46208 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-3989 HIGH POC This Week

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Motors Car Dealer Classifieds Listing
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress PHP Authentication Bypass +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Motors Car Dealer Classifieds Listing +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

RCE WordPress Authentication Bypass +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Motors - Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Motors Car Dealer Classifieds Listing
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The The Motors - Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection WordPress +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Motors - Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Motors Car Dealer Classifieds Listing
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors - Car Dealer, Classifieds & Listing.4.6. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Motors Car Dealer Classifieds Listing
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Motors Car Dealer Classifieds Listing
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy